bad policy in registry??

ell

Hi, I have an XP system here with issues. I have run several scans and removed various infections, but I still feel there's something going on here. HijackThis is clean now, ran ComboFix, checked startups, still unable to run Malwarebytes, keep getting an error 703. I installed MSE, that was unable to update correctly so I tried to uninstall it, fail. I have net access fine, no visible signs of infection, but I have found this policy that I am suspicious of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
Value: ScanWithAntiVirus 0x00000002

Is this legit? Could this explain why I can't install MWB correctly?
 
That particular issue with Malwarebytes is quite popular and isn't always a result of an infection. Just my personal advice, from the symptoms you've described (major infection, failure to install AV software yet seems all clear), I'd check for rootkits using either a bootable AV scanner (such as Kaspersky) or slaving the drive. On my Vista machine I have the same registry key except with a 'data' of "0x00000003", and my machine is currently 100% clean. I think this is a legit key; it doesn't really seem to do anything malicious.
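An added check, not from anyone in this thread, that reads the same Attachments policy key from both the machine and user hives and reports what the ScanWithAntiVirus data means; it assumes only the documented values (1 = Off, 2 = Optional, 3 = On):

```powershell
# Added example: inspect the Attachments policy the poster asked about.
# Assumes the documented semantics of ScanWithAntiVirus:
#   1 = Off, 2 = Optional (the default behaviour), 3 = On.
$paths = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
)
$meaning = @{
  1 = 'Off: attachment handlers do not notify antivirus programs'
  2 = 'Optional: the registered antivirus program may scan (default behaviour)'
  3 = 'On: a scan is required before the attachment is opened'
}
foreach ($path in $paths) {
  if (-not (Test-Path $path)) {
    "$path : key not present (Windows falls back to the default, i.e. 2)"
    continue
  }
  $item  = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
  $value = $item.ScanWithAntiVirus
  if ($null -eq $value) {
    "$path : ScanWithAntiVirus not set"
  } elseif ($meaning.ContainsKey([int]$value)) {
    "$path : ScanWithAntiVirus = $value -> $($meaning[[int]$value])"
  } else {
    "$path : ScanWithAntiVirus = $value -> undocumented value, worth investigating"
  }
}
# Reading the thread's finding with this: 2 (HKLM) and 3 (Vista box) are both
# documented, expected settings. The value to be suspicious of would be 1,
# because that is the one that switches the antivirus notification off.
```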
 

I just tried to install AVG Free, fail. I have thrown everything at this, even SAS portable. In Process Explorer all I see is zHotkey.exe in C:\windows\zHotkey.exe, which cannot be verified. Suspect???
 
zhotkey

Description: Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features.

Might be worth a disable because it won't do any harm if it's not running. Your previous comment furthers my belief that this system probably has a rootkit.
 

Blah, that just disabled the keyboard. Windows Update failed, I'm running catchme now.
 